UbuntuUbuntu Based

How To Install SELinux on Ubuntu 22.04 LTS

Install SELinux on Ubuntu 22.04

In this tutorial, we will show you how to install SELinux on Ubuntu 22.04 LTS. Are you looking to harden your Ubuntu system’s security with advanced access controls? Security-Enhanced Linux (SELinux) provides an extra layer of protection to keep your data and applications safe. In this step-by-step guide, learn how to easily install and configure SELinux on Ubuntu to lock down your Linux server.

While Ubuntu comes with its own Mandatory Access Control system called AppArmor, you can opt to use the more comprehensive SELinux instead for greater control and security. Originally developed by the NSA, SELinux enforces strict access control policies to limit the damage potential if a service or application is compromised. By installing SELinux on your Ubuntu system, you can:

  • Confine applications and processes with granular permissions.
  • Prevent privilege escalation attacks and unauthorized data access.
  • Enforce least-privilege access for users and services.
  • Protect against zero-day exploits by limiting what compromised applications can access.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation and configuration of the SELinux on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.

Prerequisites

  • A server running one of the following operating systems: Ubuntu 22.04, 20.04, and any other Debian-based distribution like Linux Mint.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • An active internet connection.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install SELinux on Ubuntu 22.04 LTS Jammy Jellyfish

Step 1. First, Before we dive into the installation process, update your system, run the following command:

sudo apt update
sudo apt upgrade
sudo apt install wget apt-transport-https gnupg2 software-properties-common

Step 2. Check AppArmor.

Your Ubuntu 22.04 installation probably runs AppArmor by default. To verify its status run the following command:

sudo systemctl status apparmor

If it is running, you will see output like this:

apparmor.service - Load AppArmor profiles
     Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor pres>
     Active: active (exited) since Sat 2024-05-16 08:18:66 EDT; 1h 46min ago
       Docs: man:apparmor(7)
             https://gitlab.com/apparmor/apparmor/wikis/home/
    Process: 679 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, >
   Main PID: 679 (code=exited, status=0/SUCCESS)

May 10 08:16:12 imaginelinux systemd[1]: Starting Load AppArmor profiles...
May 10 08:16:12 imaginelinux apparmor.systemd[679]: Restarting AppArmor
May 10 08:16:12 imaginelinux apparmor.systemd[679]: Reloading AppArmor profiles
May 10 08:16:12 imaginelinux apparmor.systemd[707]: Skipping profile in /etc/apparmo>
May 10 08:16:12 imaginelinux systemd[1]: Finished Load AppArmor profiles.

In the more common case, where AppArmor is running, stop it:

sudo systemctl stop apparmor
sudo systemctl disable apparmor

Step 3. Installing SELinux on Ubuntu 22.04.

The first step in enabling SELinux on Ubuntu 22.04 is to install the necessary SELinux packages. These packages provide the core utilities, libraries, and policy files required for SELinux to function properly.

To install the SELinux packages, execute the following commands:

sudo apt install policycoreutils selinux-basics selinux-utils

Here’s a brief overview of each package:

  • policycoreutils: Provides the core SELinux utilities and policy management tools.
  • selinux-utils: Includes additional SELinux utilities for managing and analyzing SELinux policies.
  • selinux-basics: Contains the basic SELinux policy files and configurations.

Once it’s finished, you can then activate it:

sudo selinux-activate

Output:

SELinux is activated. You may need to reboot now.

Do not reboot immediately! First, review the current state of your new SELinux host:

getenforce

This shows the one-word response:

Disabled

This means that your SELinux is ready to work. It’s “active” but not yet turned on.

Step 4. Enabling SELinux Modes on Ubuntu 22.04.

There are three different modes that you can use with SELinux. The first is disabled, which does the same as its name. It disables using the SELinux service. When SELinux is activated, you can set it to permissive or Enforcing modes. In the permissive mode, only the monitoring of the interaction is done. However, if you want to filter and monitor the interaction, use the enforcing mode.

By default, SELinux on Ubuntu runs in permissive mode. To enable SELinux, Open the /etc/selinux/config file and set SELINUX=enforcing.

Step 5. Disable SELinux on Ubuntu 22.04.

Disabling SELinux is easier as it’s enabled and installed. Basically, there are two ways of disabling it. Either temporarily or permanently. Disabling SELinux temporarily makes it disable for a while until the next boot, and as soon as the computer is turned on again the state is restarted.

The best way to disable it is to change its status to permissive:

nano /etc/selinux/config

Follow the configuration:

FROM:
SELINUX=enforcing
TO:
SELINUX=permissive

Save and close the file, then reboot your system for the changes to take effect:

reboot

After a successful reboot, you can run the following command to check the SELinux status:

sestatus

Congratulations! You have successfully installed SELinux. Thanks for using this tutorial for installing the SELinux on Ubuntu 22.04 LTS Jammy Jellyfish system. For additional help or useful information, we recommend you check the official Ubuntu website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Back to top button